Over the last few years, several technologies have been suggested in order to strengthen or replace the traditional password input field, as a result of its vulnerability to keyloggers. This whitepaper surveys the myths of anti-leylogger technologies, and pinpoints material flaws in each such technology.

Interesting read, though it was written when IE6 and Firefox 2 were current and turns into an ad for Trusteer Rapport by the end of it. I'm sure most of their points still hold up today. Virtual keyboards seem like an inconvenient way to not gain any real security.